A Little Background

Today we are going to focus on how a website works, share an overview of a hosting environment, and explore some other aspects of how a website functions.

Back in the old days, a website was a simple text document located in the server’s files. HTML let webmasters define a website’s formatting with flexibility comparable to an advanced text editor such as MS Word, and allowed them to display images and, eventually, other media.

Our Affiliate Program offers 30% recurring commissions on all hosting product purchases. So, every time your client makes their renewal payment (monthly or annually) for their website, you get a 30% commission! Here are some basic instructions on how to sign up:

1. Activate your Affiliate Account by logging into your CCP and going to “Affiliate” and selecting “Overview” from the drop-down. On the page that opens, click “Activate Affiliate Account”

The European Union has implemented a new law called the General Data Protection Regulation - GDPR for short - to help protect the personal data of EU citizens. As a company that has many clients in the European Union, we have taken this very seriously and have taken steps to make sure that our service is GDPR compliant, which means many good things for our clients, not only from the EU but from all around the world.

What's the big deal?

Around the world, 2018 started out with a bang… and the tech world was no exception! Two major vulnerabilities (Spectre: CVE-2017-5754, CVE-2017-5753 and Meltdown: CVE-2017-5715) were disclosed. These vulnerabilities affect the underlying hardware found in most of the world’s devices. This includes most phones, tablets, computers and web servers.

In the last few days, we have seen questions regarding the recently released ImageTragick vulnerabilities. We began working to patch and protect the CloudAccess.net platform shortly after the vulnerability was announced. Here are a few commonly asked questions that we have seen.

What is ImageTragick / CVE-2016-3714?

ImageTragick is the internet nickname that was given to CVE-2016-3714 to help spread the word of this vulnerability to end users and the media. It features a website and a logo and is a pun based on "ImageMagick".

Internet Protocol is the set of rules that governs the exchange of information and the way traffic is routed on the web. Internet Protocol Version 6 (IPv6) is the next generation Internet communication protocol that provides an identification and location system for devices, computers and networks and will replace IPv4, the current protocol that has many limitations. This blog shines some light on IPv6 and explains the impact on Internet users and how the CloudAccess.net platform is IPv6 ready.

The Growth of the Internet and the Need for a New Protocol

Originally developed in the 1970s, IPv4 is a cornerstone of the Internet as we know it. It was developed long before anyone could really imagine all of the interconnected devices that we have today. IPv4 allows for approximately 4.3 billion unique IP addresses, which might sound like a lot and certainly was a lot by 1970s standards. Nobody in 1970, however, could have predicted that the Internet would be as popular as it is or that many of us would be walking around with high-speed computers in our pockets. With close to 3 billion current Internet users, IPv4 presents some serious limitations.

Essentially, the biggest limitation is that IPv4 is running out of the 32-bit addresses that each computer or device is required to have. An example of a 32-bit IPv4 address:

Throughout the last few days you may have heard news about the “Bash Bug”, a programming vulnerability posing a threat to Unix-based systems including Linux and Mac OS X. At CloudAccess.net we’ve done everything in our power to protect our network and our clients against the Bash Bug, but this blog contains some useful information that might help you take additional measures to protect yourself.

What is the Bash Bug?

Bash disrupts a computer or device’s normal operating system by taking control over the command prompt or “shell”, essentially telling the operating system what to do. Bash stands for “Bourne-again shell” and has also been referred to as “Shellshock”. The bug has been around since the 1980s, but has only recently been discovered and exposed as a threat. Without getting too technical, the bug enables outsiders to exploit the security of an affected device, computer or server.

In a recent online security blog post, Google announced positive results from search engine testing that took into account sites that “use secure, encrypted connections.” As a result, they will begin using HTTPS as a signal in their ranking algorithms. This decision encourages site owners to turn on encryption, making sites a lot more secure. In the past, many have been reluctant to make the switch from HTTP to HTTPS because of costs or fears that such a change would slow their page load time. With today’s cost-efficient, high-speed encryption methods, however, these aren't such huge factors anymore, and many site owners are making the change.

The Purpose of SSL Certificates

Secure Sockets Layer, or SSL, can be defined as a form of encryption that ensures that no information shared online is in plain text format. To be certain customers feel safe while sharing their credit card information and personal information online, websites started using SSL certificates as a solution to hacking, security breaches and data-tampering attempts.

How SSL Encryption Works

The diagram below illustrates the process that occurs when site visitors establish a secure session with a website that has an SSL certificate installed.

Technology is a funny thing. There is a perpetual push to create systems that are better, stronger and faster. This constant drive has led to innovations unimaginable just a few years ago, but being on the leading edge leaves a lot of room for error. It’s a paradox really: in order to succeed you must experience failure. The web hosting industry certainly isn’t exempt from this catch-22. This blog explores the early days of our web hosting service, some of the failures we experienced on our journey, and how we achieved ultimate success by creating a unified web hosting platform.

Our Web Hosting Startup Phase

Starting our web hosting company was great fun. We were a web development company at first and we had a strong client base that wanted to host websites with us. Building our first server, turning it on, and seeing it rock gave us a lot of satisfaction. In no time, we were off and running.

As our company grew, so did our infrastructure. We added a few more servers and we created the Cloud Control Panel™ (CCP), a management portal where clients could access server settings and manage their own applications. Managing two or three servers was fairly easy, but each server was inherently different. After reaching a certain number of clients, we were getting hosting support requests that required different solutions based on which server the site was hosted on. Some servers were running CentOS, some Debian, and we even had some FreeBSD machines.

We pride ourselves on having an extremely secure platform, but even the most secure hosting providers see hacked websites on a daily basis. Almost always, the goal of the hacker is to steal content, send spam, spread malware or conduct some type of phishing scam. Many times we’ll see a site administrator clean a site only for it to be hacked again a few days later, and then they come to us wanting to know why. We find that some additional steps that can secure a site and fend off attacks are often neglected. This blog explains why sites are hacked, steps for cleaning up a hacked site, and preventative measures that can be taken to secure the site moving forward.

Why sites get hacked

Vulnerable Extensions

There are several reasons a site can be hacked, but the culprit we identify most often is an outdated extension. Updating extensions is critical because hackers can easily identify vulnerabilities in older versions, which are like a wide open back door to the site. If you’re using a Joomla site, it’s best practice to visit the Vulnerable Extensions List frequently. If you see an extension you’re using on this list, download and install the patches immediately. If no patches exist, disable the extension and find something to replace it.

Outdated Applications

Another reason we see sites hacked is that the site itself is running an older version of the application, like Joomla 1.5 for example, which is no longer supported with security patches. We provide a managed hosting platform, which means we’ll update versions for you when a new STS (short term support) version becomes available. When a new LTS (long term support) version becomes available, it’s up to site administrators to upgrade on their own. It’s definitely best practice to stay current with the most recent version of your application.